I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

concerned about the risk of browser-based socially engineered malware. Should we use a particular browser?

The Web browser -- which is the most commonly used interface for accessing and interacting with data on the Web and other networks -- is a critical application that needs to protect users from attack. This means that security should be a key factor for administrators when choosing which browser to deploy across the enterprise. Studies looking at how different browsers fare when pitted against various types of threats can be useful, as they provide metrics to compare one browser against another, helping administrators decide which browser best suits their enterprise's security profile. However, admins must read carefully to fully appreciate what the results really mean, particularly if they focus specifically on only one type of threat. Vendors and test agencies often differ in how they define adware, spyware and advanced persistent threats, and incorporating new and unknown malware is almost impossible in a controlled test.

Socially engineered malware (SEM) is a growing threat. Socially engineered attacks use several different methods to deceive users into downloading malicious software. For example, a website that may look nonthreatening can convince visitors to download and execute a malicious piece of software. As the browser is the primary vector for delivering SEM, it must be the first line of defense against such attacks. The main technologies used for defeating SEM are URL filtering and application reputation.

The latest report from NSS Labs tested eight different browsers -- including three from China -- against SEM. Internet Explorer came out on top with a 99.9% block rate. Chrome came in third at 70.7%, and Firefox and Safari only managed around 4% each. Microsoft and Google use a combination of URL filtering and application reputation, with Microsoft relying more on URL filtering than Google. The disparity between Chrome and IE could be due to a change in how strict the application reputation system is for Chrome, or because hackers have been able to devise tactics that avoid this method of detection.

Interestingly, the Kingsoft Liebao Browser, which came in second behind IE with a block rate of 85%, does not use application reputation technology, but rather scans all downloads with a combination of URL filtering and cloud-based file scanning technology that Kingsoft uses for its antivirus product.

The NSS Labs report clearly puts IE ahead of its competition in providing early protection against SEM. So should enterprises change their browser selection?

If malware is not detected and blocked at the initial download phase, users are reliant on host-based antimalware to block it at the execution phase. For both technologies, the consistency of protection and the amount of time required to update protection against new threats is a critical metric, so cloud-based endpoint protection file scanning (as used by Liebao) could be the way forward, as updates don't need to be pushed to every user.

However, note that what works today may not work tomorrow -- attackers quickly adapt to technologies that try to protect users from their sites, and overall enterprise security depends on users' online behavior and habits. Employees who are taught how to identify social engineering attacks will rely less on technology for protection and will remain more secure when that technology fails or is thwarted. Enterprises should look at how well a browser fits into their overall defensive strategy and how it defends against the particular threats they face to decide which would be the most effective for them.

Join the conversation

1 comment

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.